Slack: Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs

Hi, I noticed while looking at an old article I made a while ago that some links were actually inserted as javascript:-links. Doing some modifications to these actually revealed that inside editing mode, no protection is added for getting arbitrary scripts to run. This means that by catching the...